[MyData & Open Data] Blog on open data ABOUT privacy

• Previous message: [MyData & Open Data] Blog on open data ABOUT privacy
• Next message: [MyData & Open Data] Blog on open data ABOUT privacy
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Great Discussion Javier, 

On 19 Mar 2014, at 22:00, Javier Ruiz <javier at openrightsgroup.org> wrote:

>>> So beyond the scenario where people consent, (consent of the governed, consent of the customer, etc)  What are the exceptions for when Big Data, or Open Data can be created, used, aggregated, etc. without consent?  What are the exceptions to the exceptions? 
>>> 
>> E.g. —> Employee Data, Criminal Data, National Security, Health Emergence, etc.
>> 
>  
>> This seems pretty black and white, either there is consent or their is not.    Ingenuity in enabling people to consent is the real opportunity and challenge here. Not, how do we get around it. Why the grey? 
>> 
> I also think that consent and not opening personal data should be the standard. 

> 
> One exception and grey area is people wanting to share their personal data with the world. Not all their data, but maybe something they feel proud of (e.g. weight loss, miles run), or they are patients hoping a cure will come. And throw in a few extras to make it more useful (postcode, gender, age). Soon you have a privacy situation.

The ability for people to volunteer personal information is a key to many problems in this space.  But, this ability needs a bit of work to be useful, e.g. pseudonyms with attributes attached, time limits on use of attributes, post consent control - etc. 

> 
> The question is whether they can have any control over what happens to their data afterwards. Legally it is not clear if you disclose your personal information yourself. But we could follow the consent principle and say that these people consent to share.
> 
> Consent should be specific and informed - that’s why some privacy policies just throw every permutation of data types and purposes, making it worse. But on the other extreme, you cannot just consent to your data to “be open”. It is not specific. 

Well, if consent is not informed and specific it is not consent, the companies that do the every purpose in the book approach are not compliant with the current data protection law.   We need to Open Notice so we can see the good and the bad. 

> 
> There are advocates for consent to “big data processing” to be admitted as valid, but this is just asking for trouble down the line.

well, if people controlled the transformation of their own data this would not be such a big problem. 

> 
> I think that you need to figure out some solution (dynamic consent, transferable consent?). It is a difficult problem.

contextual use of PII - not that big of a problem. 

> 
> In the case of the other exceptions you mention above there are some other issues:
> 
> 1. currently nobody needs your consent to anonymise your data, and once anonymised it’s not yours. There is an argument that you should have some form of moral right over your data, even if you cannot be identified. For example, you may not want to contribute to the development of biological weapons, albeit indirectly. Besides, that data could be used to profile you with detrimental effects, even if you cannot be identified. 

They do need my consent to have my data, and if I don’t consent to the purpose of anonymising the data then it is not informed consent - Am I missing something here? 
> 
> 2.  compulsory disclosures of personal data like those above are still subjected to privacy laws, at least in Europe. Even if personal data is public, you cannot just do whatever you want.  
> 
> Most people criticising consent want to bypass it. But we can be critical to improve it.

+1 to that

>> What is a known unknown?  (please define)
> 
> In my view:
> 
> Known unknowns would be where you consent to your data being freely re-used for - say - research on unspecified medical conditions, or even public interest scientific, social or medical research in the broadest sense, or even non public interest. 

Again this can’t be informed consent if it is not purpose limited. 

> 
> Unknown unknowns is when your health data ends up being used to develop biological weapons. 

Health data and its use needs to be very strongly regulated and controlled, not privatised.   As Phil Booth mentioned this is a critical and very alarming issue that can see people sold out to pharmaceutical companies etc. 

>> 
>> So, the question really should be —>  How can people consent to transform their data to open data or Our Data?  What infrastructure, technology, tools, politics do we need? 
>> 
>>> I hope we get to discuss more about the free market approach of personal datastores and fair monetisation of data.
>>> 
>> IMO - the answer is obvious, - This is on fair and equitable terms, where/when people can leverage and benefit from their own data, control the use of their ‘real identities’.   
>> 
>  
> I think this could work to a point with some data, but we have to be sceptic until we see evidence. People like Morozov already disagree on this. They see Privacy is a social good, not an individual property to be sold, and personal data in the context of existing social relationships where accumulation of wealth and power mean that your data will end up being syphoned by a few companies who create value through volume. 

Morozov seems cynical, but, I do and don’t agree with him..  There is a very good point in there.  One of my early fears was that work in personal data control will end up spurring a market for digital slavery. While this is a concern, Privacy is not necessarily a social good as it is more a social condition of the individual.  Privacy is not property that can be sold.  Even so our attributes in various contexts are being sold, albeit, without benefit to the data subject. (or what I like to call the Master Controller) 

Wether we like it or not our data is already being sold, the question is at what point (or in what way) will people get apart of the profits or reap personal benefits from this information exchange? Privacy and attributes are two different things.

Morozov thinks that "

"like financialisation, mediatisation is primarily a failure of regulation.”

Not sure he understands what privacy is. 

Best 

Mark

> 
> best, javier
> 
> 
>  
>> Mark
>>> Javier
>>> 
>>> On 19 Mar 2014 18:24, "Phil Booth" <phil at einsteinsattic.com> wrote:
>>>> Sure. We understand psychology and behavioural economics – but without transparency and consent (which we’re not even close to yet) you don’t get a ‘free market’ for privacy. You get systemic misuse, abuse and worse...
>>>>  
>>>> Phil
>>>>  
>>>> From: mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org] On Behalf Of Javier Ruiz
>>>> Sent: 19 March 2014 16:41
>>>> To: Mark L
>>>> Cc: mydata-open-data at lists.okfn.org; opennotice at googlegroups.com
>>>> Subject: Re: [MyData & Open Data] Blog on open data ABOUT privacy
>>>>  
>>>> Hi, I don’t want to open up a huge debate (yet ;-) but!
>>>>  
>>>> transparency and consent will only get you so far, worth looking at the wok of Alessandro Acquisti on behavioural economics applied to privacy (quick summary: humans seem unable to make sensible decisions)
>>>>  
>>>> http://www.ted.com/talks/alessandro_acquisti_why_privacy_matters
>>>>  
>>>> -- 
>>>> Javier Ruiz
>>>> javier at openrightsgroup.org
>>>> +44(0)7877 911 412
>>>> @javierruiz
>>>> www.OpenRightsGroup.org
>>>>  
>>>> On Wednesday, 19 March 2014 at 16:26, Mark L wrote:
>>>> 
>>>> Great Post Reuben, 
>>>>  
>>>> Another reason why open data about transparency over data control is so important and an indicator of how this transparency (or Open Notice) can solve lots of personal data problems we face today.  
>>>>  
>>>> - Mark
>>>>  
>>>>  
>>>> On 18 Mar 2014, at 16:28, Javier Ruiz <javier at openrightsgroup.org> wrote:
>>>> 
>>>> 
>>>> Reuben Binns has posted an excellent blog on our Working Group’s page on his research around a little know open-data-set: the UK Register of Data Controllers. 
>>>>  
>>>> The data is about what organisations declare they might do, not what they do in practice, but it raises lots of interesting questions.
>>>>  
>>>> http://personal-data.okfn.org/blog/
>>>>  
>>>> -- 
>>>> Javier Ruiz
>>>> javier at openrightsgroup.org
>>>> +44(0)7877 911 412
>>>> @javierruiz
>>>> www.OpenRightsGroup.org
>>>>  
>>>> _______________________________________________
>>>> mydata-open-data mailing list
>>>> mydata-open-data at lists.okfn.org
>>>> https://lists.okfn.org/mailman/listinfo/mydata-open-data
>>>>  
>>>>  
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/mydata-open-data/attachments/20140320/2c0bed39/attachment-0003.html>

• Previous message: [MyData & Open Data] Blog on open data ABOUT privacy
• Next message: [MyData & Open Data] Blog on open data ABOUT privacy
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]